Securities and Exchange Commission
Office of Inspector General

During the first half of fiscal year 2007, the Office of Inspector General assisted the Commission in its efforts to:

    - Complete required staff performance management steps throughout the Commission in a timely and appropriate fashion,
    - Improve the process for providing staff interpretative guidance in the Full Disclosure Program,
    - Implement procedures to resolve backlogs of Freedom of Information Act requests and comment letter postings to the Internet,
    - Enhance the integrity of the Commission and its staff by investigating allegations of misconduct,
    - Improve information technology security for the Blue Sheets and Super Tracking and Reporting systems,
    - Enhance the management of information technology within the Division of Enforcement,
    - Ensure appropriate use and security of the Name Relationship Search Index system, and
    - Further the implementation of the Commission's risk assessment function.

Executive Summary

During this period (October 1, 2006 to March 31, 2007), the Office of Inspector General (Office) issued four audit reports, two evaluation reports, and one investigative memorandum on management issues, and completed one survey.

These evaluations focused on management of staff performance in the Division of Enforcement; information technology (IT) management in the Division of Enforcement; Full Disclosure interpretive guidance; security evaluations of the Blue Sheets and Super Tracking and Reporting (STARS) systems; a backlog of requests under the Freedom of Information Act (FOIA); training and guidance for the Name Relationship Search Inquiry (NRSI) system; and the Office of Risk Assessment. This work is described in more detail in the Audit Program section below.

Five investigations were closed during the period.[1] Three subjects were referred to the Department of Justice, which declined prosecution. Five subjects were referred to Commission management. Two of these subjects (both contractor employees) resigned. Two other subjects were reprimanded and one was counseled. In addition, two subjects referred during prior semi-annual periods were suspended, and one subject referred during the prior period was reprimanded. Two subjects referred during prior semi-annual periods are awaiting disposition. The Investigative Program section below describes the significant cases closed during the period.

We are adding a new significant problem, removing one previously reported significant problem, and retaining another previously reported significant problem.

We are reporting the Commission’s management of staff performance as a new significant problem, based on our review of the Division of Enforcement’s staff performance management.
In that review, we found that Enforcement did not consistently perform parts of the performance evaluation process and did not retain performance documentation for the required amount of time. The Executive Director indicated that the current Commission-wide staff performance management system needs improvement. The Commission plans to change its process to address deficiencies in the current system and to better ensure that required steps of the process are followed.

In its 2006 audit of the Commission’s financial statements, the Government Accountability Office found no material weaknesses. Based on their findings, we are removing financial management systems controls as a significant problem.

Our Office has reported information technology (IT) management as a significant problem for several years. During that time, the Office of Information Technology has taken numerous steps to improve IT management. Although it remains a significant problem at this time, we have begun a special project to evaluate whether these steps, taken as a whole, have corrected this significant problem.

[1] Two investigations closed during the prior semi-annual period (April 1, 2006 to September 30, 2006) were inadvertently omitted from the semi-annual report for the second half of fiscal year 2006. A subject of one of these investigations was referred to the Department of Justice, which declined prosecution.

SECURITIES AND EXCHANGE COMMISSION    APRIL 30, 2007

No management decisions were revised during the period.
The Office of Inspector General agrees with all significant management decisions regarding audit recommendations.


Audit Program

During this period, the Office issued four audit reports, two evaluation reports, and one investigative memorandum on management issues. The Office also completed a survey. These evaluations are summarized below. Management generally concurred with our recommendations, and in many cases took corrective actions during the evaluations. A list of pending evaluations follows the summaries.


IT MANAGEMENT IN ENFORCEMENT (NO. 405)

Our review of the Division of Enforcement’s IT management found that it was generally adequate. However, the Division needs to issue additional guidance to ensure a sound IT program. We recommended that the Division prepare an IT plan and document its procedures for IT management, major initiatives (such as the document imaging project), and security management.

During our review, the Division and the Office of Administrative Services (OAS) developed procedures for preventing and resolving physical security incidents at the Division’s forensics lab.


FULL DISCLOSURE INTERPRETATIVE GUIDANCE (NO. 416)

We reviewed the process for issuing staff interpretive guidance for the Full Disclosure program. The Division of Corporation Finance and the Office of the Chief Accountant have primary responsibility for issuing this guidance.

We identified a number of possible improvements to the process. Our recommendations concern Staff Accounting Bulletins; disclosure of staff guidance; workload, timeliness, and reporting issues; file documentation; and procedures for responding to guidance requests and approving speeches.


SYSTEMS SECURITY EVALUATION—BLUE SHEETS (NO. 417)

We issued a task order to Electronic Consulting Services, Inc.
(ECS) to evaluate the security of the Blue Sheets system under the Federal Information Security Management Act (FISMA). The evaluation found that the Commission significantly improved its certification and accreditation process in fiscal year 2006 by remedying four of the five weaknesses we identified during our fiscal year 2005 FISMA evaluation.

We identified no high risk vulnerabilities and nine medium risk vulnerabilities. The medium risk vulnerabilities concerned the risk assessment report; vulnerability scanning; the system security plan; system documentation; external interconnections; the plan of action and milestones; the disaster recovery plan; baseline configuration and inventory; and configuration change control.

Our overall FISMA evaluation report for fiscal year 2006 contained recommendations to address most of these vulnerabilities. We made additional recommendations, as appropriate, in this report. The Office of Information Technology agrees with the findings and is performing an analysis on how to best implement the recommendations.


OFFICE OF RISK ASSESSMENT (NO. 420)

We surveyed the Office of Risk Assessment (ORA), which was created several years ago to enhance the Commission’s risk assessment function. During the survey, we gathered background information about ORA and its activities for audit planning purposes.

Because of the limited objective and scope of our survey, we did not issue a written report or make any recommendations. We discussed several issues with ORA management, including the definition of its mission and its resource needs.


FOIA BACKLOG (NO. 422)

The Divisions of Corporation Finance and Investment Management issue comment letters on filings they receive.
Over the last several years, commercial users significantly increased their Freedom of Information Act (FOIA) requests for these comment letters. These requests created a large backlog, which we analyzed in this audit.

Besides the influx of requests, we identified several other factors which helped cause the backlog. These included: management’s decision to post a large number of already issued letters on the Commission website, which created a separate backlog of letters to be posted; inefficient processing procedures; and limited staff.

We made several recommendations to the two Divisions and the Commission’s FOIA Office to improve the efficiency of processing procedures, both for FOIA requests and the posting of letters on the website. The Divisions and the FOIA Office have taken and plan to take several steps to address the FOIA backlog.


ENFORCEMENT PERFORMANCE MANAGEMENT (NO. 423)

We reviewed the Division of Enforcement’s compliance with required performance management procedures. We found that the Division did not consistently perform parts of the performance appraisal process, especially for new, reassigned and detailed staff. Many Enforcement managers were not comfortable giving unacceptable ratings to poor performers and did not consistently retain performance documentation for the required time. We also found that the Office of Human Resources (OHR) guidance to Commission managers needed improvement.

We recommended that the Division ensure its supervisors perform all required performance management steps and that the OHR improve its written guidance and provide additional training.

Enforcement management suggested that our findings were typical of the Commission as a whole.
The Commission’s Executive Director indicated that the current performance management program needs significant improvements. Starting in fiscal year 2008, the Commission will adopt a new program to address the deficiencies.

Because the Commission-wide staff performance management system is ineffective, we consider it to be a significant problem (see below).


SYSTEMS SECURITY EVALUATION—STARS (NO. 424)

In addition to the Blue Sheets security evaluation (see above), we issued a task order to Electronic Consulting Services, Inc. (ECS) to evaluate the security of the Super Tracking and Reporting System (STARS).

We identified one high risk deficiency (a significant vulnerability requiring immediate action) within STARS: the need to encrypt data while in transit. We also found eight medium risk vulnerabilities (significant deficiencies requiring timely action). The medium risk vulnerabilities concerned the STARS security categorization; the risk assessment report; the system security plan; system documentation; the plan of action and milestones; the disaster recovery plan; baseline configuration and inventory; and configuration change control. As appropriate, we made recommendations to address these vulnerabilities. The Office of Information Technology agrees with the findings and is performing an analysis on how to best implement the recommendations.


NRSI TRAINING AND WARNING (NOS. G-442/433)

Commission staff use the Name Relationship Search Index (NRSI) system to research all of the relationships that companies or individuals have had with the Commission. During two Office investigations (OIG-442 and OIG-433), we identified a need to improve user training on NRSI to help prevent inappropriate use of the system.
We also found that the warning on the NRSI login screen does not inform employees that the NRSI database is to be used only for official purposes.

We recommended improving NRSI training and appropriately modifying the warning on the NRSI login screen.


PENDING EVALUATIONS

The following evaluations were pending at the close of the semi-annual period (March 31, 2007):

No. 421 Investment Company Filing Initiatives
No. 427 DynCorp Contract—Detailed Review
No. 428 Document Imaging
No. 429 XBRL Survey
No. 430 Contract Ratifications
No. 431 IT Management Significant Problem
No. 432 Receiver Oversight


Investigative Program

Five investigations were closed during the period. Three subjects were referred to the Department of Justice, which declined prosecution. Five subjects were referred to Commission management. Two of these subjects (both contractor employees) resigned. Two other subjects were reprimanded and one was counseled. In addition, two subjects referred during prior semi-annual periods were suspended, and one subject referred during the prior period was reprimanded. Two subjects referred during prior semi-annual periods are awaiting disposition.

The most significant cases closed during the period, as well as a case closed during the prior period,[2] are described below.


THEFT OF GOVERNMENT INFORMATION

An Office investigation developed evidence that an employee who left the Commission took large quantities of non-public Commission information and loaded it onto his new employer’s computer system.
The non-public Commission information was returned, and the Department of Justice declined prosecution.


CONTRACTOR FRAUD

The Office investigated allegations that a Commission contractor was billing for nonexistent employees, billing more than once for the same work, and offering bonuses to staff to take longer to complete work. The evidence developed during the investigation failed to substantiate the allegations.

[2] As mentioned in footnote 1 above, two cases closed during the prior semi-annual period were inadvertently omitted from our last semi-annual report.


MISUSE OF DATABASE

An Office investigation disclosed that a staff member had searched a non-public Commission database for information unrelated to the employee’s job responsibilities. We found no evidence, however, that the employee had released non-public information to unauthorized persons. Management counseled the employee about proper use of the database.


FAILURE TO REPORT SECURITIES TRANSACTIONS

The Office investigated an allegation that a staff member had used his position at the Commission to assist a relative with selling securities. Our investigation disclosed no evidence of misuse of position to assist the relative. However, we did find evidence that the employee failed to report investments as required by a Commission rule, failed to consider the potential for the appearance of a conflict of interest, and exhibited a possible lack of candor.
The employee was reprimanded and required to attend ethics counseling and training.


MISUSE OF COMPUTER RESOURCES AND FALSE STATEMENTS

An Office investigation developed evidence that three contractor employees had misused Commission computer resources to support a personal computer business. We also found evidence that the employees made false statements about these activities, and that one of the employees had previously lied to the agency about his arrest record. Our investigation did not find evidence that the employees had sold any used Commission hardware or software through their computer business, and the Department of Justice declined prosecution. Two of the employees resigned, and the contractor reprimanded the third employee.


Significant Problems

STAFF PERFORMANCE MANAGEMENT

This period, the Office identified a significant problem with the Commission’s staff performance management system, based on audit work conducted in the Division of Enforcement (see Audit No. 423 above).

Although the audit scope was limited to the Division of Enforcement, the Executive Director agreed that the Commission-wide staff performance management program needs significant improvement. The Commission plans to adopt a new performance management program to address the deficiencies, starting in fiscal year 2008.

Because the Commission-wide staff performance management system is ineffective, we consider it to be a significant problem.


Significant Problems Identified Previously

FINANCIAL MANAGEMENT SYSTEMS CONTROLS

An OIG contractor completed an audit of Commission financial management systems controls during a prior period (Audit No. 362).
The audit found that Commission financial management controls for fiscal year 2002 were effective in all material respects, based on criteria established under the Federal Managers Financial Integrity Act, except for three material weaknesses and one material non-conformance.

The exceptions concerned property accountability, accounting and control of disgorgements, information system and security program controls, and the Disgorgement and Penalties Tracking System. We reported that, taken together, these financial management exceptions were a significant problem for the Commission. Management concurred with our recommendations to strengthen these financial controls, and promptly began to take actions to correct the weaknesses.

The Government Accountability Office (GAO) performed the audit of the Commission’s financial statements for fiscal years 2004 and 2005. The audits found that the Commission has made significant progress in building a financial reporting structure for preparing financial statements for audit.

GAO also found that the SEC property account balance was below the threshold for materiality; as a consequence we had previously removed property accountability as an element of this significant problem. However, GAO identified material internal control weaknesses in preparing financial statements and related disclosures, recording and reporting disgorgements and penalties, and information security, which became the basis for this significant problem.

During its audit of the Commission’s fiscal year 2006 financial statements, GAO indicated that it no longer considers the weaknesses in financial reporting, disgorgements and penalties, and information security to be material, based on the corrective actions taken by the Commission.
Accordingly, we are removing financial management systems controls as a significant problem.


INFORMATION TECHNOLOGY MANAGEMENT

Since April 1996, we have reported information technology (IT) management as a significant problem based on weaknesses identified by several audits, investigations, and management studies. Significant IT management weaknesses included information systems security; IT capital investment decision-making; administration of IT contracts; IT project management; enterprise architecture management; strategic management of IT human capital; and management of software licenses.

We no longer consider information systems security to be an element of this significant problem, based on our fiscal year 2006 FISMA evaluation and GAO’s audit of the Commission’s fiscal year 2006 financial statements. The Office of Information Technology (OIT) indicated that it has continued to strengthen IT management during this reporting period and expects it will no longer be a significant problem by the end of fiscal year 2007.

We have begun a special project to evaluate whether the progress made by OIT in strengthening IT management is sufficient to warrant removing it as a significant problem.


Access to Information

The Office of Inspector General has received access to all information required to carry out its activities. No reports to the Chairman, concerning refusal of such information, were made during the period.


Other Matters

EXTERNAL COORDINATION

The Office actively participates in the activities of the Executive Council on Integrity and Efficiency (ECIE).
The Inspector General attends ECIE meetings, is an active member of its Financial Institutions Regulatory Committee, and serves as the ECIE member on the Integrity Committee (established by Executive Order No. 12993).

The Deputy Inspector General is an active member of the Federal Audit Executive Council (FAEC). The FAEC considers audit issues relevant to the Inspector General community.

The Counsel to the Inspector General is the Vice-Chair of the PCIE Council of Counsels; the Associate Counsel is an active member. The Council considers legal issues relevant to the Inspector General community.


REVIEW OF LEGISLATION AND REGULATIONS

The Office reviewed legislation and proposed and final rules relating to the programs and operations of the Commission, pursuant to the Inspector General Act. We tracked both legislation and regulations by researching relevant documents and databases, including lists prepared by the IG community and the Commission's Office of General Counsel. Our independent assessments focused on the impact of the legislation or rule on the economy and efficiency of, and the prevention and detection of fraud and abuse in, programs and operations administered by the Commission. In addition, we reviewed statutes and regulations within the context of audits and investigations (e.g., the impact of the Federal Information Security Management Act on Commission operations).

In conjunction with the Legislation Committee of the PCIE/ECIE, we also reviewed legislation and rules that would have an impact on the Inspector General community.
We provided comments to the PCIE Legislation Committee on the “Accountability in Government Contracting Act of 2007.”


Questioned Costs

                                                           DOLLAR VALUE (IN THOUSANDS)
                                                 NUMBER    UNSUPPORTED COSTS    QUESTIONED COSTS

A      For which no management decision            0               0                   0
       has been made by the commencement
       of the reporting period

B      Which were issued during the                0               0                   0
       reporting period

       Subtotals (A+B)                             0               0                   0

C      For which a management decision             0               0                   0
       was made during the reporting period

  (i)  Dollar value of disallowed costs            0               0                   0

  (ii) Dollar value of costs not disallowed        0               0                   0

D      For which no management decision            0               0                   0
       has been made by the end of the period

       Reports for which no management             0               0                   0
       decision was made within six months of
       issuance


Recommendations That Funds Be Put To Better Use

                                                 NUMBER    DOLLAR VALUE (IN THOUSANDS)

A      For which no management decision            0                   0
       has been made by the commencement
       of the reporting period

B      Which were issued during the                0                   0
       reporting period

       Subtotals (A+B)                             0                   0

C      For which a management decision             0                   0
       was made during the period

  (i)  Dollar value of recommendations that        0                   0
       were agreed to by management

     - Based on proposed management action         0                   0

     - Based on proposed legislative action        0                   0

  (ii) Dollar value of recommendations that        0                   0
       were not agreed to by management

D      For which no management decision            0                   0
       has been made by the end of the
       reporting period

       Reports for which no management             0                   0
       decision was made within six months
       of issuance

Reports with No Management Decisions

Management decisions have been made on all audit reports issued before the beginning of this reporting period (October 1, 2006).


Revised Management Decisions

No management decisions were revised during the period.


Agreement with Significant Management Decisions

The Office of Inspector General agrees with all significant management decisions regarding audit recommendations.


MANAGEMENT RESPONSE OF
THE SECURITIES AND EXCHANGE COMMISSION
ACCOMPANYING THE SEMIANNUAL REPORT OF THE INSPECTOR GENERAL
FOR THE PERIOD OCTOBER 1, 2006 THROUGH MARCH 31, 2007


Introduction

The Semiannual Report of the Inspector General of the Securities and Exchange Commission (SEC) was submitted to the Chairman on April 30, 2007 as required by the Inspector General Act of 1978, as amended. The report has been reviewed by a member of the Executive Staff, as well as the Executive Director, General Counsel, and Director of the Division of Enforcement. The Management Response is based on their views and consultation with the Chairman.

The Management Response is divided into four sections to reflect the specific requirements listed in Section 5(b) of the Inspector General Act of 1978, as amended.

Section I
Comments Keyed to Significant Sections of the IG Report

A.
Audit Program

     During the reporting period, the Office of Inspector General (OIG) issued four audit reports, two evaluation reports, and one investigative memorandum on management issues. Management generally concurred with the findings and recommendations in the OIG’s reports.

     In addition to audits performed by the OIG, the Government Accountability Office (GAO) actively reviewed program and administrative functions of the SEC. A complete listing of all GAO audit activity involving the SEC is attached as Appendix A.

B.   Response to Significant Problems

     Performance Management System

     The OIG identified the Commission’s staff performance management system as a new significant problem. Agency management has recognized for some time that the current pay for performance process needs significant improvements and initiated negotiations at the earliest possible date to effect such improvements. Due to the government-wide efforts regarding pay for performance, the national unions that represent federal employees have made this a priority area for negotiations. In the case of the SEC, those negotiations took nearly 18 months and went through mediation and ultimately the review of the Federal Services Impasse Panel (FSIP). During the course of the negotiations and the panel deliberations, the SEC was prohibited from making any changes to the system. The SEC recently received a favorable opinion from the FSIP and the process of implementing the decision has begun.

     A pilot program is ongoing in the Office of Human Resources under which staff members are rated on a five-level system. Most importantly, it provides training and guidance that is far more extensive than the current system. It also supports automation which creates enhanced visibility.
     This new program addresses many issues raised by the OIG, and is expected to be adopted throughout the Commission starting in fiscal year 2008.

     An additional outcome of the FSIP decision is that the Senior Officer (SO) performance plans will be structured and managed in the same way as the “SK” plans, which will reduce the difficulties associated with maintaining two different systems. The “SK” performance cycle will also adjust to a fiscal year basis, which will bring it into alignment with the SO system.

C.   Response to Significant Problems Previously Identified

     Information Resources Management

     During this reporting period, the Office of Information Technology (OIT) continued to aggressively establish, implement, and enforce IT management policies and controls to strengthen the overall effectiveness of the SEC’s Information Resources Management Program. Particular emphasis continues to be placed on implementing the OIG’s and the GAO’s recommended improvements in such areas as IT security, capital investment decision-making, administration of IT contracts, IT project management, enterprise architecture management, the strategic management of IT human capital, and the management of software licenses.

     The SEC has placed a particular focus on improving information security over the last 12 months, which resulted in the GAO downgrading the issue from a material weakness to a reportable condition in the agency’s Performance and Accountability Report.
     Because of the ever-changing nature of information security threats, however, IT security
     continues to be a priority in order to ensure the secure operation of the SEC’s information
     technology infrastructure, and the dependable delivery of services to the public.

     OIT also has made significant progress in other areas, such as capital planning and
     investment control. For example, the Chief Information Officer initiated monthly project
     status meetings to review and discuss all development, modernization, and enhancement IT
     initiatives to ensure that baseline budgets and schedules remain on target, and that
     corrective actions are initiated as required. Also, OIT improved project closeout reporting
     and initiated a pilot database to serve as a repository to capture and analyze lessons learned
     to facilitate improvements and enhancements to the SEC’s capital planning and investment
     control processes. In addition, OIT initiated an IT workforce evaluation, which is being
     used to identify IT skill and proficiency gaps. The results of the analysis will be used to
     enhance proficiency and core competencies and skills. OIT and OIG are now undertaking
     an assessment of OIT’s progress in eliminating the issues historically identified by the
     OIG; this joint assessment will be completed by calendar year-end.

D.   IG Recommendations Concerning Use of Funds

     None.

E.   Reports with No Management Decisions

     Management decisions have been made on all audits issued prior to the beginning of the
     reporting period (October 1, 2006).

F.   Revised Management Decisions

     No management decisions were revised during the reporting period.


SEC Management Response to
Semiannual IG Report
October 1, 2006 – March 31, 2007


                              SECTION II

                           Disallowed Costs

                         As of March 31, 2007


                                                           Dollar Value
                                                  Number   (in thousands)

A.   For which final action has
     not been taken by the
     commencement of the
     reporting period                               0            $0

B.   On which management decisions
     were made during the reporting
     period                                         0            $0

     (Subtotal A+B)                                 0            $0

C.   For which final action was
     taken during the reporting
     period                                         0            $0

     (i)    Recovered by management                 0            $0

     (ii)   Disallowed by management                0            $0

D.   For which no final action has
     been taken by the end of the
     reporting period                               0            $0


                              SECTION III

                        Funds Put to Better Use

                         As of March 31, 2007


                                                           Dollar Value
                                                  Number   (in thousands)

A.   For which final action has
     not been taken by the
     commencement of the
     reporting period                               0            $0

B.   On which management decisions
     were made during the reporting
     period                                         0            $0

C.   For which final action was
     taken during the reporting
     period:

     (i)    Dollar value of recommendations
            that were agreed to by management       0            $0

     (ii)   Dollar value of recommendations
            that management has subsequently
            concluded should/could not be
            implemented or completed                0            $0

D.   For which no final action has been
     taken by the end of the reporting period       0            $0


                              SECTION IV

                 Open Audit Reports Over One Year Old

                         As of March 31, 2007


                                                    Funds Put to
                                                    Better Use      Questioned Costs
Audit #   Audit Title                   Issued      (in thousands)  (in thousands)    Reason Final Action Not Taken

220       IRM Planning and
          Execution                     3/26/1996   $0              $0                A major initiative is underway to publish
                                                                                      all remaining IT-related policies in 2007.
                                                                                      This initiative will address all aspects of
                                                                                      policy related to IT management.

320       General Computer Controls     12/26/2000  $0              $0                The overall recommendation is centered
                                                                                      around the on-boarding and off-boarding
                                                                                      of staff and contractors. A pilot system
                                                                                      has been put into production, and full
                                                                                      deployment is being coordinated with
                                                                                      the HSPD-12 government-wide initiative.

337       IT Project Management         1/24/2002   $0              $0                Remaining actions require completion of
                                                                                      formal policies.

365       IT Capital Investment
          Decision-making Follow-up     3/29/2004   $0              $0                The IT Capital Planning Committee has
                                                                                      been operating under the terms of a draft
                                                                                      charter since late 2004. A revised draft
                                                                                      charter is under review due to a change in
                                                                                      the Committee’s procedures.

371       Small Business Reg D
          Exemption Process             3/31/2004   $0              $0                The two remaining recommendations
                                                                                      are being addressed as part of a
                                                                                      rule-making initiative. A process has been
                                                                                      worked out to coordinate development
                                                                                      of the rule proposals with state securities
                                                                                      regulators.

376       Telephone Card Program        11/17/2003  $0              $0                See explanation for audit #220.

377       Lost and Stolen
          Securities Program            3/31/2004   $0              $0                Management is exploring the possibility
                                                                                      of conducting a full risk assessment
                                                                                      of the program’s database.

393       Software Management           3/24/2005   $0              $0                An interim policy has been issued
                                                                                      that assigns responsibilities for
                                                                                      management of software licenses. A
                                                                                      working group has been established to
                                                                                      develop specific procedures recommended
                                                                                      in the audit report.
                                                                                      In addition, work is
                                                                                      underway to identify performance
                                                                                      metrics for monitoring and follow-up
                                                                                      on software licensing information.

394       Targeting B/D Compliance
          Examinations                  9/22/2005   $0              $0                Most of the recommendations have been
                                                                                      implemented.
                                                                                      Planning is underway to
                                                                                      make certain data more widely available to
                                                                                      SEC staff as the agency moves ahead with
                                                                                      enterprise architecture.

395       Integrity Program—
          Inspection of Field Offices   5/31/2005   $0              $0                Revisions are expected to be made to
                                                                                      the draft employee handbook.

399       Government Performance
          and Results Act—2004          9/27/2005   $0              $0                Efforts are underway to review
                                                                                      activity-based costing data and to revise or
                                                                                      generate new performance measures.

402       Office of the Secretary       9/20/2005   $0              $0                The Library is conducting a needs
                                                                                      assessment to determine SEC staff
                                                                                      information requirements. The survey
                                                                                      results will help determine how to meet the
                                                                                      OIG’s audit recommendations.

406       Federal Information
          Security Management
          Act—2005                      9/28/2005   $0              $0                Most of the recommendations have been
                                                                                      implemented.
                                                                                      With regard to the one
                                                                                      remaining recommendation, Privacy Impact
                                                                                      Assessments are underway for all
                                                                                      applications with an expected completion
                                                                                      of March 2008.

409       Certification and
          Accreditation of ACTS+        9/30/2005   $0              $0                The certification and accreditation process
                                                                                      was recently updated and the system’s
                                                                                      security and disaster recovery
                                                                                      plans are
                                                                                      being modified. The expected completion
                                                                                      date is June 2007.

PI-6-17   Workplace Violence
          Prevention Program            3/27/2006   $0              $0                An updated policy is being drafted.
                                                                                      After the policy is approved and
                                                                                      communicated to staff, training
                                                                                      sessions will commence.


                              APPENDIX A

            Government Accountability Office Audit Activity
            Involving the Securities and Exchange Commission


Reports Issued During the Reporting Period

1.      Private Pensions: Changes Needed to Provide 401(k) Plan Participants and the
        Department of Labor Better Information on Fees (GAO-07-21, November 2006)

2.      Employee Benefits Security Administration: Enforcement Improvements Made but
        Additional Actions Could Further Enhance Pension Plan Oversight (GAO-07-22,
        January 2007)

3.      Corporate Governance: NCUA’s Controls and Related Procedures for Board
        Independence and Objectivity Are Similar to Other Financial Regulators, but
        Opportunities Exist to Enhance Its Governance Structure (GAO-07-72R, November
        30, 2006)

4.      Risk-based Capital: Bank Regulators Need to Improve Transparency and Overcome
        Impediments to Finalizing the Proposed Basel II Framework (GAO-07-253, February
        2007)

5.      Financial Market Regulation: Agencies Engaged in Consolidated Supervision Can
        Strengthen Performance Management and Collaboration (GAO-07-154, March 2007)

6.      Information Security: Sustained Progress Needed to Strengthen Controls at the
        Securities and Exchange Commission (GAO-07-257, March 27, 2007)


Projects Active as of March 31, 2007

1.      SEC Enforcement Actions (250322). A review of the operations of the SEC’s
        Division of Enforcement.

2.      SEC Oversight of SROs (250326). A review of the SEC oversight of self-regulatory
        organizations and its inspection and examination process.

3.      Institution Diversity and Consolidation (250328). A study regarding the diversity
        and complexity of the banking and financial services industries, the current
        regulatory structure for these industries, and the costs associated with regulatory
        compliance.

4.      Competition in the Accounting Profession (250321).
        An examination of recent
        changes in the market for public company auditors, recent changes in the level of
        competition in the market and auditor choices for public companies, trends in audit
        costs and quality, the impact of concerns over access to capital formation and
        securities markets on companies’ choice of auditors, and challenges faced by
        mid-sized and smaller auditing firms in serving the market for audit and other
        services to public companies.

5.      Hedge Funds and SEC Oversight (250313). A review of the evolution of the hedge
        fund industry in terms of growth, investment strategies and fee structures; SEC
        oversight of hedge funds and financial regulators’ oversight of counterparties;
        disclosure requirements; potential implications of ERISA amendments related to
        hedge funds; and the applicability of legislative reforms suggested by the President’s
        Working Group after Long Term Capital Management.

6.      SEC Oversight of Corporate Governance Ratings (250312). A review of the SEC’s
        oversight of firms that provide proxy advisory services and corporate governance
        ratings.

7.      Credit Derivatives (250310). A review of the use of information technology systems
        in the credit derivatives markets.

8.      Pay and Performance Systems (450460/450492). A review of pay and performance
        systems at the SEC and other federal financial regulatory agencies.

9.      Financial Markets Preparation Follow-on (250285). A review of the progress made
        by U.S. financial regulators and market participants to increase their security and
        resiliency against attacks or other disasters, as well as to follow-up on issues and
        recommendations made from GAO’s prior reports.

10.     Financial Statement Audit (194571).
        An audit of the SEC’s 2006 financial
        statements.

11.     Utility Oversight (360719). A study of FERC’s efforts to assume responsibilities for
        protecting consumers and investors previously under the jurisdiction of the SEC.

12.     Energy Futures (250256) and Natural Gas Prices (360659). The first assignment is a
        review of the CFTC’s oversight of futures trading in energy. The second assignment
        is a review of the factors that affect natural gas price volatility and the Federal
        Government’s role in ensuring that prices are determined in a competitive market.
        GAO’s discussions with SEC concern the SEC’s equities market surveillance, staff
        report entitled, “Implications of the Growth of Hedge Funds in September 2003,” and
        how the role played by hedge funds in the financial markets has changed.
"